The Dark Side of E-Commerce: Dropshipping Abuse as a Business Model
2024-1-16 20:29:1 Author: www.ndss-symposium.org(查看原文) 阅读量:14 收藏

Summer Cycle

LDR: Secure and Efficient Linux Driver Runtime for Embedded TEE Systems
Huaiyu Yan, Zhen Ling, Haobo Li (Southeast University); Lan Luo (Anhui University of Technology); Xinhui Shao, Kai Dong, Ping Jiang, Ming Yang (Southeast University); Junzhou Luo (Southeast University, Nanjing, P.R. China); Xinwen Fu (University of Massachusetts Lowell)

Overconfidence is a Dangerous Thing: Mitigating Membership Inference Attacks by Enforcing Less Confident Prediction
Zitao Chen, Karthik Pattabiraman (University of British Columbia)

GhostType: The Limits of Using Contactless Electromagnetic Interference to Inject Phantom Keys into Analog Circuits of Keyboards
Qinhong Jiang, Yanze Ren (Zhejiang University); Yan Long (University of Michigan); Chen Yan (Zhejiang University); Yumai Sun (University of Michigan); Xiaoyu Ji (Zhejiang University); Kevin Fu (Northeastern University); Wenyuan Xu (Zhejiang University)

Inaudible Adversarial Perturbation: Manipulating the Recognition of User Speech in Real Time
Xinfeng Li, Chen Yan, Xuancun Lu, Zihan Zeng, Xiaoyu Ji, Wenyuan Xu (Zhejiang University)

Architecting Trigger-Action Platforms for Security, Performance and Functionality
Deepak Sirone Jegan (University of Wisconsin-Madison); Michael Swift (University of Wisconsin-Madison); Earlence Fernandes (UC San Diego)

File Hijacking Vulnerability: The Elephant in the Room
Chendong Yu, Yang Xiao (Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences); Jie Lu (Institute of Computing Technology of the Chinese Academy of Sciences); Yuekang Li (University of New South Wales); Yeting Li (Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences); Lian Li (Institute of Computing Technology of the Chinese Academy of Sciences); Yifan Dong, Jian Wang, Jingyi Shi, Defang Bo, Wei Huo (Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences)

The Dark Side of E-Commerce: Dropshipping Abuse as a Business Model
Arjun Arunasalam (Purdue University); Andrew Chu (University of Chicago); Muslum Ozgur Ozmen (Purdue University); Habiba Farrukh (University of California, Irvine); Z. Berkay Celik (Purdue University)

Compromising Industrial Processes using Web-Based Programmable Logic Controller Malware
Ryan Pickren, Tohid Shekari, Saman Zonouz, Raheem Beyah (Georgia Institute of Technology)

IDA: Hybrid Attestation with Support for Interrupts and TOCTOU
Fatemeh Arkannezhad, Justin Feng, Nader Sehatbakhsh (UCLA)

TrustSketch: Trustworthy Sketch-based Telemetry on Cloud Hosts
Zhuo Cheng (Carnegie Mellon University); Maria Apostolaki (Princeton University); Zaoxing Liu (University of Maryland); Vyas Sekar (Carnegie Mellon University)

HEIR: A Unified Representation for Cross-Scheme Compilation of Fully Homomorphic Computation
Song Bian, Zian Zhao, Zhou Zhang, Ran Mao (Beihang University); Kohei Suenaga (Kyoto University); Yier Jin (University of Science and Technology of China); Zhenyu Guan, Jianwei Liu (Beihang University)

Low-Quality Training Data Only? A Robust Framework for Detecting Encrypted Malicious Network Traffic
Yuqi Qing (Tsinghua University); Qilei Yin (Zhongguancun Laboratory); Xinhao Deng, Yihao Chen, Zhuotao Liu (Tsinghua University); Kun Sun (George Mason University); Ke Xu, Jia Zhang, Qi Li (Tsinghua University)

Symphony: Path Validation at Scale
Anxiao He, Jiandong Fu, Kai Bu, Ruiqi Zhou, Chenlu Miao, Kui Ren (Zhejiang University)

BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet
Chuhan Wang, Yasuhiro Kuranaga, Yihang Wang (Tsinghua University); Mingming Zhang (Zhongguancun Laboratory); Linkai Zheng, Xiang Li (Tsinghua University); Jianjun Chen (Tsinghua University; Zhongguancun Laboratory); Haixin Duan (Tsinghua University; Quan Cheng Lab; Zhongguancun Laboratory); Yanzhong Lin, Qingfeng Pan (Coremail Technology Co. Ltd)

Facilitating Non-Intrusive In-Vivo Firmware Testing with Stateless Instrumentation
Jiameng Shi (University of Georgia); Wenqiang Li (Independent Researcher); Wenwen Wang, Le Guan (University of Georgia)

MOCK: Optimizing Kernel Fuzzing Mutation with Context-aware Dependency
Jiacheng Xu, Xuhong Zhang, Shouling Ji (Zhejiang University); Yuan Tian (UCLA); Binbin Zhao (Georgia Institute of Technology); Qinying Wang, Peng Cheng, Jiming Chen (Zhejiang University)

ShapFuzz: Efficient Fuzzing via Shapley-Guided Byte Selection
Kunpeng Zhang (Shenzhen International Graduate School, Tsinghua University); Xiaogang Zhu (Swinburne University of Technology); Xi Xiao (Shenzhen International Graduate School, Tsinghua University); Minhui Xue (CSIRO’s Data61); Chao Zhang (Tsinghua University); Sheng Wen (Swinburne University of Technology)

Compensating Removed Frequency Components: Thwarting Voice Spectrum Reduction Attacks
Shu Wang, Kun Sun (George Mason University); Qi Li (Tsinghua University)

Content Censorship in the InterPlanetary File System
Srivatsan Sridhar (Stanford University); Onur Ascigil (Lancaster University); Navin Keizer (University College London); François Genon, Sébastien Pierre (UCLouvain); Yiannis Psaras (Protocol Labs); Etienne Rivière (UCLouvain); Michał Król (City, University of London)

Enhance Stealthiness and Transferability of Adversarial Attacks with Class Activation Mapping Ensemble Attack
Hui Xia, Rui Zhang, Zi Kang, Shuliang Jiang, Shuo Xu (Ocean University of China)

ORL-AUDITOR: Dataset Auditing in Offline Deep Reinforcement Learning
Linkang Du (Zhejiang University); Min Chen (CISPA Helmholtz Center for Information Security); Mingyang Sun, Shouling Ji, Peng Cheng, Jiming Chen (Zhejiang University); Zhikun Zhang (Stanford University)

Understanding and Analyzing Appraisal Systems in the Underground Marketplaces
Zhengyi Li, Xiaojing Liao (Indiana University Bloomington)

Front-running Attack in Sharded Blockchains and Fair Cross-shard Consensus
Jianting Zhang (Purdue University); Wuhui Chen, Sifu Luo (Sun Yat-sen University); Tiantian Gong (Purdue University); Zicong Hong (The Hong Kong Polytechnic University); Aniket Kate (Purdue University)

NODLINK: An Online System for Fine-Grained APT Attack Detection and Investigation
Shaofei Li (Key Laboratory of High-Confidence Software Technologies (MOE), School of Computer Science, Peking University); Feng Dong (Huazhong University of Science and Technology); Xusheng Xiao (Arizona State University); Haoyu Wang (Huazhong University of Science and Technology); Fei Shao (Case Western Reserve University); Jiedong Chen (Sangfor Technologies Inc.); Yao Guo, Xiangqun Chen (Key Laboratory of High-Confidence Software Technologies (MOE), School of Computer Science, Peking University); Ding Li (Key Laboratory of High-Confidence Software Technologies (MOE), School of Computer Science, Peking University)

SigmaDiff: Semantics-Aware Deep Graph Matching for Pseudocode
Diffing Lian Gao, Yu Qu (University of California Riverside); Sheng Yu (University of California, Riverside & Deepbits Technology Inc.); Yue Duan (Singapore Management University); Heng Yin (University of California, Riverside & Deepbits Technology Inc.)

Attributions for ML-based ICS Anomaly Detection: From Theory to Practice
Clement Fung, Eric Zeng, Lujo Bauer (Carnegie Mellon University)

Pisces: Private and Compliable Cryptocurrency Exchange
Ya-Nan Li, Tian Qiu, Qiang Tang (The University of Sydney)

LARMix: Latency-Aware Routing in Mix Networks
Mahdi Rahimi, Piyush Kumar Sharma, Claudia Diaz (KU Leuven)

CrowdGuard: Federated Backdoor Detection in Federated Learning
Phillip Rieger (Technical University of Darmstadt); Torsten Krauß (University of Würzburg); Markus Miettinen (Technical University of Darmstadt); Alexandra Dmitrienko (University of Würzburg); Ahmad-Reza Sadeghi (Technical University of Darmstadt)

LMSanitator: Defending Prompt-Tuning Against Task-Agnostic Backdoors
Chengkun Wei, Wenlong Meng (Zhejiang University); Zhikun Zhang (Stanford University); Min Chen (CISPA Helmholtz Center for Information Security); Minghu Zhao (Zhejiang University); Wenjing Fang, Lei Wang (Ant Group); Zihui Zhang, Wenzhi Chen (Zhejiang University)

Eavesdropping on Black-box Mobile Devices via Audio Amplifier’s EMR
Huiling Chen, Wenqiang Jin, Yupeng Hu, Zhenyu Ning (College of Computer Science and Electronic Engineering, Hunan University, Changsha, China); Kenli Li (College of Computer Science and Electronic Engineering, National Supercomputing Center in Changsha, Hunan University); Zheng Qin (College of Computer Science and Electronic Engineering, Hunan University, Changsha, China); Mingxing Duan (College of Computer Science and Electronic Engineering, National Supercomputing Center in Changsha, Hunan University); Yong Xie (Nanjing University of Posts and Telecommunications, Nanjing, China); Daibo Liu (College of Computer Science and Electronic Engineering, Hunan University, Changsha, China); Ming Li (The University of Texas at Arlington, USA)

Unus pro omnibus: Multi-Client Searchable Encryption via Access Control
Jiafan Wang (Data61, CSIRO); Sherman S. M. Chow (The Chinese University of Hong Kong)

Bernoulli Honeywords
Ke Coby Wang, Michael K. Reiter (Duke University)

Transpose Attack: Stealing Datasets with Bidirectional Training
Guy Amit, Moshe Levy, Yisroel Mirsky (Ben-Gurion University)

Crafter: Facial Feature Crafting against Inversion-based Identity Theft on Deep Models
Shiming Wang, Zhe Ji, Liyao Xiang, Hao Zhang, Xinbing Wang (Shanghai Jiao Tong University); Chenghu Zhou (Chinese Academy of Sciences); Bo Li (Hong Kong University of Science and Technology)

LiDAR Spoofing Meets the New-Gen: Capability Improvements, Broken Assumptions, and New Attack Strategies
Takami Sato (University of California, Irvine); Yuki Hayakawa, Ryo Suzuki, Yohsuke Shiiki, Kentaro Yoshioka (Keio University); Qi Alfred Chen (University of California, Irvine)

MPCDiff: Testing and Repairing MPC-Hardened Deep Learning Models
Qi Pang (Carnegie Mellon University); Yuanyuan Yuan (HKUST); Shuai Wang (HKUST)

On Precisely Detecting Censorship Circumvention in Real-World Networks
Ryan Wails (Georgetown University, U.S. Naval Research Laboratory); George Arnold Sullivan (University of California, San Diego); Micah Sherr (Georgetown University); Rob Jansen (U.S. Naval Research Laboratory)

Modeling and Detecting Internet Censorship Events
Elisa Tsai, Ram Sundara Raman, Atul Prakash, Roya Ensafi (University of Michigan)

Exploiting Sequence Number Leakage: TCP Hijacking in NAT-Enabled Wi-Fi Networks
Yuxiang Yang, Xuewei Feng, Qi Li (Tsinghua University); Kun Sun (George Mason University); Ziqiang Wang (Southeast University); Ke Xu (Tsinghua University)

GNNIC: Finding Long-Lost Sibling Functions with Abstract Similarity
Qiushi Wu (University of Minnesota); Zhongshu Gu, Hani Jamjoom (IBM Research); Kangjie Lu (University of Minnesota)

Fall Cycle

CP-IoT: A Cross-Platform Monitoring System for Smart Home
Hai Lin, Chenglong Li, Jiahai Yang, Zhiliang Wang (Tsinghua University); Linna Fan (National University of Defense Technology); Chenxin Duan (Tsinghua University)

A Two-Layer Blockchain Sharding Protocol Leveraging Safety and Liveness for Enhanced Performance
Yibin Xu, Jingyi Zheng, Boris Düdder, Tijs Slaats, Yongluan Zhou (University of Copenhagen)

Efficient and Timely Revocation of V2X Credentials
Gianluca Scopelliti (Ericsson & KU Leuven); Christoph Baumann (Ericsson); Fritz Alder, Eddy Truyen (KU Leuven); Jan Tobias Mühlberg (Université libre de Bruxelles & KU Leuven)

Secret-Shared Shuffle with Malicious Security
Xiangfu Song (National University of Singapore); Dong Yin (Ant Group); Jianli Bai (The University of Auckland); Changyu Dong (Guangzhou University); Ee-Chien Chang (National University of Singapore)

LoRDMA: A New Low-Rate DoS Attack in RDMA Networks
Shicheng Wang (Tsinghua University); Menghao Zhang (Beihang University & Infrawaves); Yuying Du (Information Engineering University); Ziteng Chen (Southeast University); Zhiliang Wang, Mingwei Xu (Tsinghua University & Zhongguancun Laboratory); Renjie Xie (Tsinghua University); Jiahai Yang (Tsinghua University & Zhongguancun Laboratory)

ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing
Linkai Zheng, Xiang Li, Chuhan Wang, Run Guo (Tsinghua University); Haixin Duan (Tsinghua University; Quancheng Laboratory); Jianjun Chen, Chao Zhang (Tsinghua University; Zhongguancun Laboratory); Kaiwen Shen (Tsinghua University)

Beyond the Surface: Uncovering the Unprotected Components of Android Against Overlay Attack
Hao Zhou (The Hong Kong Polytechnic University); Shuohan Wu (The Hong Kong Polytechnic University); Chenxiong Qian (University of Hong Kong); Xiapu Luo (The Hong Kong Polytechnic University); Haipeng Cai (Washington State University); Chao Zhang (Tsinghua University)

Automatic Policy Synthesis and Enforcement for Protecting Untrusted Deserialization
Quan Zhang, Yiwen Xu, Zijing Yin, Chijin Zhou, Yu Jiang (Tsinghua University)

Like, Comment, Get Scammed: Characterizing Comment Scams on Media Platforms
Xigao Li, Amir Rahmati, Nick Nikiforakis (Stony Brook University)

Acoustic Keystroke Leakage on Smart Televisions
Tejas Kannan, Synthia Qia Wang, Max Sunog (University of Chicago); Abraham Bueno de Mesquita (University of Chicago Laboratory Schools); Nick Feamster, Henry Hoffmann (University of Chicago)

UntrustIDE: Exploiting Weaknesses in VS Code Extensions
Elizabeth Lin, Igibek Koishybayev, Trevor Dunlap, William Enck, Alexandros Kapravelos (North Carolina State University)

IdleLeak: Exploiting Idle State Side Effects for Information Leakage
Fabian Rauscher, Andreas Kogler, Jonas Juffinger, Daniel Gruss (Graz University of Technology)

DynPRE: Protocol Reverse Engineering via Dynamic Inference
Zhengxiong Luo (Tsinghua University); Kai Liang (Central South University); Yanyang Zhao, Feifan Wu, Junze Yu (Tsinghua University); Heyuan Shi (Central South University); Yu Jiang (Tsinghua University)

Group-based Robustness: A General Framework for Customized Robustness in the Real World
Weiran Lin, Keane Lucas (Carnegie Mellon University); Neo Eyal (Tel Aviv University); Lujo Bauer (Carnegie Mellon University); Michael K. Reiter (Duke University); Mahmood Sharif (Tel Aviv University)

TextGuard: Provable Defense against Backdoor Attacks on Text Classification
Hengzhi Pei (University of Illinois Urbana-Champaign); Jinyuan Jia (The Pennsylvania State University); Wenbo Guo (UC Berkeley); Bo Li (University of Illinois Urbana-Champaign); Dawn Song (UC Berkeley)

Eavesdropping on Controller Acoustic Emanation for Keystroke Inference Attack in Virtual Reality
Shiqing Luo, Anh Nguyen (George Mason University); Hafsa Farooq (Georgia State University); Kun Sun, Zhisheng Yan (George Mason University)

Decentralized Information-Flow Control for ROS2
Nishit V. Pandya, Himanshu Kumar, Gokulnath M. Pillai, Vinod Ganapathy (Indian Institute of Science Bangalore)

BliMe: Verifiably Secure Outsourced Computation with Hardware-Enforced Taint Tracking
Hossam ElAtali (University of Waterloo); Lachlan J. Gunn (Aalto University); Hans Liljestrand (University of Waterloo); N. Asokan (University of Waterloo, Aalto University)

Don’t Interrupt Me – A Large-Scale Study of On-Device Permission Prompt Quieting in Chrome
Marian Harbach, Igor Bilogrevic, Enrico Bacis, Serena Chen, Ravjit Uppal, Andy Paicu, Elias Klim, Meggyn Watkins, Balazs Engedy (Google)

Predictive Context-sensitive Fuzzing
Pietro Borrello (Sapienza University of Rome); Andrea Fioraldi (EURECOM); Daniele Cono D’Elia (Sapienza University of Rome); Davide Balzarotti (Eurecom); Leonardo Querzoni (Sapienza University of Roma); Cristiano Giuffrida (Vrije Universiteit Amsterdam)

Improving the Robustness of Transformer-based Large Language Models with Dynamic Attention
Lujia Shen, Yuwen Pu, Shouling Ji (Zhejiang University); Changjiang Li (Penn State); Xuhong Zhang (Zhejiang University); Chunpeng Ge (Shandong University); Ting Wang (Penn State)

Timing Channels in Adaptive Neural Networks
Ayomide Akinsanya, Tegan Brennan (Stevens Institute of Technology)

Leaking the Privacy of Groups and More: Understanding Privacy Risks of Cross-App Content Sharing in Mobile Ecosystem
Jiangrong Wu, Yuhong Nan (Sun Yat-sen University); Luyi Xing (Indiana University Bloomington); Jiatao Cheng (Sun Yat-sen University); Zimin Lin (Alibaba Group); Zibin Zheng (Sun Yat-sen University); Min Yang (Fudan University)

MadRadar: A Black-Box Physical Layer Attack Framework on mmWave Automotive FMCW Radars
David Hunt, Kristen Angell, Zhenzhou Qi, Tingjun Chen, Miroslav Pajic (Duke University)

CamPro: Camera-based Anti-Facial Recognition
Wenjun Zhu, Yuan Sun, Jiani Liu, Yushi Cheng, Xiaoyu Ji, Wenyuan Xu (Zhejiang University)

PriSrv: Privacy-Enhanced and Highly Usable Service Discovery in Wireless Communications
Yang Yang, Robert H. Deng, Guomin Yang (School of Computing and Information Systems, Singapore Management University, Singapore); Yingjiu Li (Department of Computer Science, University of Oregon, USA); HweeHwa Pang, Minming Huang (School of Computing and Information Systems, Singapore Management University, Singapore); Rui Shi (School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, China); Jian Weng (College of Information Science and Technology, Jinan University, Guangzhou, China)

50 Shades of Support: A Device-Centric Analysis of Android Security Updates
Abbas Acar (Florida International University); Güliz Seray Tuncay (Google); Esteban Luques, Harun Oz, Ahmet Aris, Selcuk Uluagac (Florida International University)

SENSE: Enhancing Microarchitectural Awareness for TEEs via Subscription-Based Notification
Fan Sang, Jaehyuk Lee (Georgia Institute of Technology); Xiaokuan Zhang (George Mason University); Meng Xu (University of Waterloo); Scott Constable, Yuan Xiao, Michael Steiner, Mona Vij (Intel); Taesoo Kim (Georgia Institute of Technology)

MASTERKEY: Automated Jailbreaking of Large Language Model Chatbots
Gelei Deng, Yi Liu (Nanyang Technological University); Yuekang Li (University of New South Wales); Kailong Wang (Huazhong University of Science and Technology); Ying Zhang (Virginia Tech); Zefeng Li (Nanyang Technological University); Haoyu Wang (Huazhong University of Science and Technology); Tianwei Zhang, Yang Liu (Nanyang Technological University)

Detecting Voice Cloning Attacks via Timbre Watermarking
Chang Liu (University of Science and Technology of China); Jie Zhang, Tianwei Zhang (Nanyang Technological University); Xi Yang, Weiming Zhang, NengHai Yu (University of Science and Technology of China)

Understanding Route Origin Validation (ROV) Deployment in the Real World and Why MANRS Action 1 Is Not Followed
Lancheng Qin (Tsinghua University, BNRist); Li Chen (Zhongguancun Laboratory); Dan Li (Tsinghua University, Zhongguancun Laboratory); Honglin Ye, Yutian Wang (Tsinghua University)

Sharing cyber threat intelligence: Does it really help?
Beomjin Jin, Eunsoo Kim (Sungkyunkwan University); Hyunwoo Lee (KENTECH); Elisa Bertino (Purdue University); Doowon Kim (University of Tennessee, Knoxville); Hyoungshick Kim (Sungkyunkwan University)

Maginot Line: Assessing a New Cross-app Threat to PII-as-Factor Authentication in Chinese Mobile Apps
Fannv He (National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, China); Yan Jia (DISSec, College of Cyber Science, Nankai University, China); Jiayu Zhao, Yue Fang, Jice Wang, Mengyue Feng (National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, China); Peng Liu (College of Information Sciences and Technology, Pennsylvania State University, USA); Yuqing Zhang (National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, China; Hangzhou Institute of Technology & School of Cyber Engineering, Xidian University, China; School of Cyberspace Security, Hainan University, China)

A Duty to Forget, a Right to be Assured? Exposing Vulnerabilities in Machine Unlearning Services
Hongsheng Hu, Shuo Wang (CSIRO’s Data61); Jiamin Chang, Haonan Zhong (University of New South Wales); Ruoxi Sun (CSIRO’s Data61); Shuang Hao (University of Texas at Dallas); Haojin Zhu (Shanghai Jiao Tong University); Minhui Xue (CSIRO’s Data61)

When Cryptography Needs a Hand: Practical Post-Quantum Authentication for V2V Communications
Geoff Twardokus (Rochester Institute of Technology); Nina Bindel (SandboxAQ); Hanif Rahbari (Rochester Institute of Technology); Sarah McCarthy (University of Waterloo)

ReplicaWatcher: Training-less Anomaly Detection in Containerized Microservices
Asbat El Khairi (University of Twente); Marco Caselli (Siemens AG); Andreas Peter (University of Oldenburg); Andrea Continella (University of Twente)

A Security and Usability Analysis of Local Attacks Against FIDO2
Tarun Kumar Yadav, Kent Seamons (Brigham Young University)

Sneaky Spikes: Uncovering Stealthy Backdoor Attacks in Spiking Neural Networks with Neuromorphic Data
Gorka Abad (Radboud University & Ikerlan Technology Research Centre); Oguzhan Ersoy (Radboud University); Stjepan Picek (Radboud University & Delft University of Technology); Aitor Urbieta (Ikerlan Technology Research Centre, Basque Research and Technology Alliance (BRTA))

Flow Correlation Attacks on Tor Onion Service Sessions with Sliding Subset Sum
Daniela Lopes (INESC / IST – Universidade de Lisboa); Jin-Dong Dong (Carnegie Mellon University); Daniel Castro (INESC / IST – Universidade de Lisboa); Pedro Medeiros (INESC-ID, IST, Universidade de Lisboa); Diogo Barradas (University of Waterloo); Bernardo Portela (INESC TEC/ Universidade do Porto); Jo√£o Vinagre (INESC TEC & U. Porto); Bernardo Ferreira (LASIGE, Faculdade de Ciências, Universidade de Lisboa); Nicolas Christin (Carnegie Mellon University); Nuno Santos (INESC-ID / Instituto Superior Tecnico, University of Lisbon)

Faster and Better: Detecting Vulnerabilities in Linux-based IoT Firmware with Optimized Reaching Definition Analysis
Zicong Gao (State Key Laboratory of Mathematical Engineering and Advanced Computing); Chao Zhang (Tsinghua University); Hangtian Liu (State Key Laboratory of Mathematical Engineering and Advanced Computing); Wenhou Sun (Tsinghua University); Zhizhuo Tang, Liehui Jiang (State Key Laboratory of Mathematical Engineering and Advanced Computing); Jianjun Chen (Tsinghua University); Yong Xie (Qinghai University)

FP-Fed: Privacy-Preserving Federated Detection of Browser Fingerprinting
Meenatchi Sundaram Muthu Selva Annamalai (University College London); Igor Bilogrevic (Google); Emiliano De Cristofaro (University College London)

A Unified Symbolic Analysis of WireGuard
Sylvain Ruhault (Agence Nationale de la Sécurité des Systèmes d’Information); Pascal Lafourcade, Dhekra Mahmoud (Universite Clermont Auvergne)

dRR: A Decentralized, Scalable, and Auditable Architecture for RPKI Repository
Yingying Su, Dan Li (Tsinghua University); Li Chen (Zhongguancun Laboratory); Qi Li (Tsinghua university); Sitong Ling (Tsinghua University)

SSL-WM: A Black-Box Watermarking Approach for Encoders Pre-trained by Self-Supervised Learning
Peizhuo Lv, Pan Li, Shenchen Zhu (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China); Shengzhi Zhang (Department of Computer Science, Metropolitan College, Boston University, USA); Kai Chen, Ruigang Liang, Chang Yue, Fang Xiang, Yuling Cai, Hualong Ma (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China); Yingjun Zhang (Institute of Software, Chinese Academy of Sciences, China); Guozhu Meng (Institute of Information Engineering, Chinese Academy of Sciences, China; School of Cyber Security, University of Chinese Academy of Sciences, China)

Information Based Heavy Hitters for Real-Time DNS Data Exfiltration Detection
Yarin Ozery (Ben-Gurion University of the Negev, Akamai Technologies inc.); Asaf Shabtai, Asaf Nadler (Ben-Gurion University of the Negev)

TEE-SHirT: Scalable Leakage-Free Cache Hierarchies for TEEs
Kerem Arikan, Abraham Farrell, Williams Zhang Cen, Jack McMahon, Barry Williams, Yu David Liu (Binghamton University); Nael Abu-Ghazaleh (University of California, Riverside); Dmitry Ponomarev (Binghamton University)

DeGPT: Optimizing Decompiler Output with LLM
Peiwei Hu, Ruigang Liang (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China); Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences, China)

GraphGuard: Detecting and Counteracting Training Data Misuse in Graph Neural Networks
Bang Wu (CSIRO’s Data61/Monash University); He Zhang, Xiangwen Yang (Monash University); Shuo Wang (CSIRO’s Data61/Shanghai Jiao Tong University); Minhui Xue (CSIRO’s Data61); Shirui Pan (Griffith University); Xingliang Yuan (Monash University)

Scrappy: SeCure Rate Assuring Protocol with PrivacY
Kosei Akama (Keio University); Yoshimichi Nakatsuka (ETH Zurich); Sato Masaaki (Tokai University); Keisuke Uehara (Keio university)

Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering
Rui Zhu (Indiana University Bloominton); Di Tang, Siyuan Tang, Zihao Wang (Indiana University Bloomington); Guanhong Tao (Purdue University); Shiqing Ma (University of Massachusetts Amherst); XiaoFeng Wang (Indiana University Bloomington); Haixu Tang (Indiana University, Bloomington)

Untangle: Multi-Layer Web Server Fingerprinting
Cem Topcuoglu (Northeastern University); Kaan Onarlioglu (Akamai Technologies); Bahruz Jabiyev, Engin Kirda (Northeastern University)

Faults in Our Bus: Novel Bus Fault Attack to Break ARM TrustZone
Nimish Mishra, Anirban Chakraborty, Debdeep Mukhopadhyay (Department of Computer Science and Engineering, IIT Kharagpur)

Pencil: Private and Extensible Collaborative Learning without the Non-Colluding Assumption
Xuanqi Liu, Zhuotao Liu, Qi Li, Ke Xu, Mingwei Xu (Tsinghua University)

DeepGo: Predictive Directed Greybox Fuzzing
Peihong Lin, Pengfei Wang, Xu Zhou, Wei Xie, Kai Lu, Gen Zhang (National University of Defense Technology)

IRRedicator: Pruning IRR with RPKI-Valid BGP Insights
Minhyeok Kang (Seoul National University); Weitong Li (Virginia Tech); Roland van Rijswijk-Deij (University of Twente); Taekyoung “Ted” Kwon (Seoul National University); Taejoong Chung (Virginia Tech)

5G-Spector: An O-RAN Compliant Layer-3 Cellular Attack Detection Service
Haohuang Wen (Ohio State University); Phillip Porras, Vinod Yegneswaran, Ashish Gehani (SRI International); Zhiqiang Lin (Ohio State University)

Parrot-Trained Adversarial Examples: Pushing the Practicality of Black-Box Audio Attacks against Speaker Recognition Models
Rui Duan (University of South Florida); Zhe Qu (Central South University); Leah Ding (American University); Yao Liu, Zhuo Lu (University of South Florida)

EM Eye: Characterizing Electromagnetic Side-channel Eavesdropping on Embedded Cameras
Yan Long (University of Michigan); Qinhong Jiang, Chen Yan (Zhejiang University); Tobias Alam (University of Michigan); Xiaoyu Ji, Wenyuan Xu (Zhejiang University); Kevin Fu (Northeastern University)

Large Language Model guided Protocol Fuzzing
Ruijie Meng (National University of Singapore, Singapore); Martin Mirchev (National University of Singapore); Marcel Böhme (MPI-SP, Germany and Monash University, Australia); Abhik Roychoudhury (National University of Singapore)

Phoenix: Surviving Unpatched Vulnerabilities via Accurate and Efficient Filtering of Syscall Sequences
Hugo Kermabon-Bobinnec, Lingyu Wang (Concordia University); Yosr Jarraya (Ericsson Security Research); Suryadipta Majumdar (Concordia University); Makan Pourzandi (Ericsson Security Research)

ActiveDaemon: Unconscious DNN Dormancy and Waking Up via User-specific Invisible Token
Ge Ren, Gaolei Li, Shenghong Li, Libo Chen (Shanghai Jiao Tong University); Kui Ren (Zhejiang University)

Secure Multiparty Computation of Threshold Signatures Made More Efficient
Harry W. H. Wong, Jack P. K. Ma, Sherman S. M. Chow (The Chinese University of Hong Kong)

AAKA: An Anti-Tracking Cellular Authentication Scheme Leveraging Anonymous Credentials
Hexuan Yu, Changlai Du (Virginia Polytechnic Institute and State University); Yang Xiao (University of Kentucky); Angelos Keromytis (Georgia Institute of Technology); Chonggang Wang, Robert Gazda (InterDigital); Y. Thomas Hou, Wenjing Lou (Virginia Polytechnic Institute and State University)

PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound
Man Zhou, Shuao Su (Huazhong University of Science and Technology); Qian Wang (Wuhan University); Qi Li (Tsinghua University); Yuting Zhou, Xiaojing Ma (Huazhong University of Science and Technology); Zhengxiong Li (University of Colorado Denver)

FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning Attacks in Federated Learning
Hossein Fereidooni, Alessandro Pegoraro, Phillip Rieger (Technical University of Darmstadt); Alexandra Dmitrienko (University of Würzburg); Ahmad-Reza Sadeghi (Technical University of Darmstadt)

Towards Automated Regulation Analysis for Effective Privacy Compliance
Sunil Manandhar, Kapil Singh (IBM T.J. Watson Research Center); Adwait Nadkarni (William & Mary)

Security-Performance Tradeoff in DAG-based Proof-of-Work Blockchain Protocols
Shichen Wu (1. School of Cyber Science and Technology, Shandong University 2. Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education); Puwen Wei (1. School of Cyber Science and Technology, Shandong University 2. Quancheng Laboratory 3. Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education); Ren Zhang (Cryptape Co. Ltd. and Nervos); Bowen Jiang (1. School of Cyber Science and Technology, Shandong University 2. Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education)

Separation is Good: A Faster Order-Fairness Byzantine Consensus
Ke Mu (Southern University of Science and Technology, China); Bo Yin (Changsha University of Science and Technology, China); Alia Asheralieva (Loughborough University, UK); Xuetao Wei (Southern University of Science and Technology, China & Guangdong Provincial Key Laboratory of Brain-inspired Intelligent Computation, SUSTech, China)

Not your Type! Detecting Storage Collision Vulnerabilities in Ethereum Smart Contracts
Nicola Ruaro, Fabio Gritti, Robert McLaughlin, Ilya Grishchenko (University of California, Santa Barbara); Christopher Kruegel, Giovanni Vigna (UC Santa Barbara and VMware)

Powers of Tau in Asynchrony
Sourav Das (University of Illinois at Urbana-Champaign); Zhuolun Xiang (Aptos); Ling Ren (University of Illinois at Urbana-Champaign)

CAGE: Complementing Arm CCA with GPU Extensions
Chenxu Wang (Southern University of Science and Technology (SUSTech) and The Hong Kong Polytechnic University); Fengwei Zhang, Yunjie Deng (Southern University of Science and Technology (SUSTech)); Kevin Leach (Vanderbilt University); Jiannong Cao (The Hong Kong Polytechnic University); Zhenyu Ning (Hunan University); Shoumeng Yan, Zhengyu He (Ant Group)

Proof of Backhaul: Trustfree Measurement of Broadband Bandwidth
Peiyao Sheng (Kaleidoscope Blockchain Inc.); Nikita Yadav (Indian Institute of Science); Vishal Sevani, Arun Babu, Anand Svr (Kaleidoscope Blockchain Inc.); Himanshu Tyagi (Indian Institute of Science); Pramod Viswanath (Kaleidoscope Blockchain Inc.)

Understanding the Implementation and Security Implications of Protective DNS Services
Mingxuan Liu (Zhongguancun Laboratory; Tsinghua University); Yiming Zhang, Xiang Li, Chaoyi Lu, Baojun Liu (Tsinghua University); Haixin Duan (Tsinghua University; Zhongguancun Laboratory); Xiaofeng Zheng (Institute for Network Sciences and Cyberspace, Tsinghua University; QiAnXin Technology Research Institute & Legendsec Information Technology (Beijing) Inc.)

Efficient Use-After-Free Prevention with Opportunistic Page-Level Sweeping
Chanyoung Park, Hyungon Moon (UNIST)

From Interaction to Independence: zkSNARKs for Transparent and Non-Interactive Remote Attestation
Shahriar Ebrahimi, Parisa Hassanizadeh (IDEAS-NCBR)

EnclaveFuzz: Finding Vulnerabilities in SGX Applications
Liheng Chen (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences; Institute for Network Science and Cyberspace of Tsinghua University); Zheming Li, Zheyu Ma (Institute for Network Science and Cyberspace of Tsinghua University); Yuan Li (Tsinghua University); Baojian Chen (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences); Chao Zhang (Tsinghua University)

Certificate Transparency Revisited: The Public Inspections on Third-party Monitors
Aozhuo Sun (Institute of Information Engineering, Chinese Academy of Sciences); Jingqiang Lin (School of Cyber Science and Technology, University of Science and Technology of China); Wei Wang (Institute of Information Engineering, Chinese Academy of Sciences); Zeyan Liu (The University of Kansas); Bingyu Li (School of Cyber Science and Technology, Beihang University); Shushang Wen (School of Cyber Science and Technology, University of Science and Technology of China); Qiongxiao Wang (BeiJing Certificate Authority Co., Ltd.); Fengjun Li (The University of Kansas)

DRAINCLoG: Detecting Rogue Accounts with Illegally-obtained NFTs using Classifiers Learned on Graphs
Hanna Kim (KAIST); Jian Cui (Indiana University Bloomington); Eugene Jang, Chanhee Lee, Yongjae Lee, Jin-Woo Chung (S2W Inc.); Seungwon Shin (KAIST)

DorPatch: Distributed and Occlusion-Robust Adversarial Patch to Evade Certifiable Defenses
Chaoxiang He, Xiaojing Ma (Huazhong University of Science and Technology); Bin Benjamin Zhu (Microsoft Research Asia); Yimiao Zeng, Hanqing Hu, Xiaofan Bai, Hai Jin (Huazhong University of Science and Technology); Dongmei Zhang (Microsoft Research)

SyzBridge: Bridging the Gap in Exploitability Assessment of Linux Kernel Bugs in the Linux Ecosystem
Xiaochen Zou, Yu Hao (UC Riverside); Zheng Zhang, Juefei Pu (UC RIverside); Weiteng Chen (Microsoft Research, Redmond); Zhiyun Qian (UC Riverside)

K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel
Zhengchuan Liang, Xiaochen Zou, Chengyu Song, Zhiyun Qian (UC Riverside)

VETEOS: Statically Vetting EOSIO Contracts for the “Groundhog Day” Vulnerabilities
Levi Taiji Li (University of Utah); Ningyu He (Peking University); Haoyu Wang (Huazhong University of Science and Technology); Mu Zhang (University of Utah)

Abusing the Ethereum Smart Contract Verification Services for Fun and Profit
Pengxiang Ma (Huazhong University of Science and Technology); Ningyu He (Peking University); Yuhua Huang, Haoyu Wang (Huazhong University of Science and Technology); Xiapu Luo (The Hong Kong Polytechnic University)

QUACK: Hindering Deserialization Attacks via Static Duck Typing
Yaniv David (Columbia University); Neophytos Christou (Brown University); Andreas D. Kellas (Columbia University); Vasileios P. Kemerlis (Brown University); Junfeng Yang (Columbia University)

TALISMAN: Tamper Analysis for Reference Monitors
Frank Capobianco, Quan Zhou, Aditya Basu (The Pennsylvania State University); Trent Jaeger (The Pennsylvania State University, University of California, Riverside); Danfeng Zhang (The Pennsylvania State University, Duke University)

Towards Precise Reporting of Cryptographic Misuses
Yikang Chen, Yibo Liu, Ka Lok Wu (The Chinese University of Hong Kong); Duc V Le (Visa Research); Sze Yiu Chau (The Chinese University of Hong Kong)

BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks
Cameron Morris, Amir Herzberg, Bing Wang, Samuel Secondo (University of Connecticut)

UniID: Spoofing Face Authentication System by Universal Identity
Zhihao Wu, Yushi Cheng, Shibo Zhang, Xiaoyu Ji (Zhejiang University); Wenyuan Xu (Zhejing University)

Invisible Reflections: Leveraging Infrared Laser Reflections to Target Traffic Sign Perception.
Takami Sato (University of California Irvine); Sri Hrushikesh Varma Bhupathiraju (University of Florida); Michael Clifford (Toyota InfoTech Labs); Takeshi Sugawara (The University of Electro-Communications); Qi Alfred Chen (University of California, Irvine); Sara Rampazzi (University of Florida)

The CURE to Vulnerabilities in RPKI Validation
Donika Mirdita (fhg,tud); Haya Shulman, Niklas Vogel (fhg,gu); Michael Waidner (fhg,tud)

MirageFlow: A New Bandwidth Inflation Attack on Tor
Christoph Sendner, Jasper Stang, Alexandra Dmitrienko (University of Wüzburg); Raveen Wijewickrama, Murtuza Jadliwala (University of Texas at San Antonio)

DEMASQ: Unmasking the ChatGPT Wordsmith
Kavita Kumari (Technical University of Darmstadt, Germany); Alessandro Pegoraro (Technical University of Darmstadt); Hossein Fereidooni (Technische Universität Darmstadt); Ahmad-Reza Sadeghi (Technical University of Darmstadt)

Private Aggregate Queries to Untrusted Databases
Syed Mahbub Hafiz, Chitrabhanu Gupta, Warren Wnuck, Brijesh Vora, Chen-Nee Chuah (University of California, Davis)

From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices
Yue Xiao (Wuhan University); Yi He (Tsinghua University); Xiaoli Zhang (Zhejiang University of Technology); Qian Wang (Wuhan University); Renjie Xie (Tsinghua University); Kun Sun (George Mason University); Ke Xu, Qi Li (Tsinghua University)

AnonPSI: An Anonymity Assessment Framework for PSI
Bo Jiang, Jian Du, Qiang Yan (TikTok Inc.)

SLMIA-SR: Speaker-Level Membership Inference Attacks against Speaker Recognition Systems
Guangke Chen (ShanghaiTech University); Yedi Zhang (National University of Singapore); Fu Song (Institute of Software, Chinese Academy of Sciences; University of Chinese Academy of Sciences)

You Can Use But Cannot Recognize: Preserving Visual Privacy in Deep Neural Networks
Qiushi Li (Tsinghua University); Yan Zhang (China Agricultural University); Ju Ren, Qi Li, Yaoxue Zhang (Tsinghua University)

Automatic Adversarial Adaption for Stealthy Poisoning Attacks in Federated Learning
Torsten Krauß, Jan König (University of Würzburg); Alexandra Dmitrienko (University of Würzburg); Christian Kanzow (University of Würzburg)

Experimental Analyses of the Physical Surveillance Risks in Client-Side Content Scanning
Ashish Hooda (UW-Madison); Andrey Labunets (UCSD); Tadayoshi Kohno (University of Washington); Earlence Fernandes (UC San Diego)


文章来源: https://www.ndss-symposium.org/ndss2024/accepted-papers/#The%20Dark%20Side%20of%20E-Commerce:%20Dropshipping%20Abuse%20as%20a%20Business%20Model
如有侵权请联系:admin#unsafe.sh